Cisco Bug: CSCvr95419 - NCS1004: KE SA not up with default policy when user-defined policy exist for other SA
May 29, 2020
- Cisco Network Convergence System 1000 Series
Known Affected Releases
Release-note Symptom: [Applicable only for NCS1004 when ODU controllers are configured with L1-Encryption] Failed to bring up IKEv2 SA with default ikev2 policy between two ODU controllers and no syslogs seen for IKEv2-6-SA_UP and OTNSEC-2-SESSION_SECURED Example: %SECURITY-IKEv2-6-SA_UP : local:192.168.1.2:500/remote:192.168.1.1:500/i_vrf:0/f_vrf:0 IKEv2 SA UP as Initiator (I:0xC219E3EC149FFC10, R:0x2D7E64430801A390) %SECURITY-OTNSEC-2-SESSION_SECURED : Controller ODU40/3/0/0/1, Otnsec session secured Conditions: When some of the ODU controllers are configured to bring up IKEv2 SA with user-defined policy and others with default IKEv2 policy.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases